Analysis Overview
SHA256
e8b236a129fbc77fbf8a5be96f867e76338d6db56ef5bda0aa0c6dc6668ff579
Threat Level: No (potentially) malicious behavior was detected
The file a439505545bf354463b2466a951934ae_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:33
Reported
2024-06-13 06:35
Platform
win7-20240611-en
Max time kernel
134s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D207FEF1-294E-11EF-B848-DEDD52EED8E0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422267" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d34588b81bc1788186f15cb5576cb7b004a9c3c3a956a4a9832a1864f064fac8000000000e8000000002000020000000531a6f5f7bf440faa7a28c72b839cf0f60ca26b262a89c30d4ade13fc05ff08b20000000f9454cfdf85ca56b729fb2088db4855674fc89f3f80221c7fd88ef21530b475b400000007afe116c1a137c2d402b54ba2f798723e7f067b19275b98de679cd3ccceeffa7fa11d5c2b60669cbba2648fa16507ce790a136e10a3cc975eb80bcd0b1766d81 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007d0abee7dce023af42529ec015e8dffe24f6a314c6ec417d4e5de918672265f0000000000e80000000020000200000004d2ed38bdba9093992fbed5b3ef1b4aa746bbfa357094a8e085aabb0d5a629e290000000c92c512432e6a259a7f2d238cfa7b70bad767b991f9bf13e5446380af483bf8b2f26e8bead7ddf4ba27acbd2467dfb647d804015e039340d7ffb10bc8d7b170c578f649ef9d78640d3450d8ed0c19d4ba5223de547737e759c344c9f50d65e6ea6140663594463c7dd850ac454555457d1d76d2d343ea449c800bb3a5d70b07ed6f04e55a28875f6a766d8990e8668c44000000089697432931375631297044be17bfeb39082559301e6dad24887f48c50e0bd95156a00e490b2e0f5eb41616f1743611d2ecb2158ef51e99a57efb2019d53ef8e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2084cca85bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2100 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2100 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2100 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2100 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a439505545bf354463b2466a951934ae_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bangladeshdailynews.com | udp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 8.8.8.8:53 | fbsmy.com | udp |
| US | 8.8.8.8:53 | banners.hotforex.com | udp |
| US | 8.8.8.8:53 | www.learningtoolkit.club | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 172.67.140.136:443 | fbsmy.com | tcp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 172.67.140.136:443 | fbsmy.com | tcp |
| US | 199.59.243.226:443 | www.learningtoolkit.club | tcp |
| US | 199.59.243.226:443 | www.learningtoolkit.club | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| BE | 23.14.90.91:80 | e5.o.lencr.org | tcp |
| BE | 23.14.90.91:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | brokerfbsms.com | udp |
| US | 172.67.222.129:443 | brokerfbsms.com | tcp |
| US | 172.67.222.129:443 | brokerfbsms.com | tcp |
| US | 8.8.8.8:53 | ms-brokerfbs.com | udp |
| US | 104.26.11.43:443 | ms-brokerfbs.com | tcp |
| US | 104.26.11.43:443 | ms-brokerfbs.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.ms-brokerfbs.com | udp |
| US | 172.67.73.225:443 | cdn.ms-brokerfbs.com | tcp |
| US | 172.67.73.225:443 | cdn.ms-brokerfbs.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5CE1.tmp
C:\Users\Admin\AppData\Local\Temp\Tar5D9F.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:33
Reported
2024-06-13 06:35
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a439505545bf354463b2466a951934ae_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd5146f8,0x7ffdbd514708,0x7ffdbd514718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2304 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10205707041487407053,10422861662207440712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.learningtoolkit.club | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bangladeshdailynews.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | bangladeshdailynews.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4696_GTKPYGQDELMYHZBJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT